
Merge tag 'kvm-x86-svm-6.8' of https://github.com/kvm-x86/linux into HEAD

KVM SVM changes for 6.8:

- Revert a bogus, made-up nested SVM consistency check for TLB_CONTROL.

- Advertise flush-by-ASID support for nSVM unconditionally, as KVM always
flushes on nested transitions, i.e. always satisfies flush requests. This
allows running bleeding edge versions of VMware Workstation on top of KVM.

- Sanity check that the CPU supports flush-by-ASID when enabling SEV support.

- Fix a benign NMI virtualization bug where KVM would unnecessarily intercept
IRET when manually injecting an NMI, e.g. when KVM pends an NMI and injects
a second, "simultaneous" NMI.

+21 -19
-15
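--- a/arch/x86/kvm/svm/nested.c
+++ b/arch/x86/kvm/svm/nested.c
@@ -253,18 +253,6 @@
 kvm_vcpu_is_legal_gpa(vcpu, addr + size - 1);
 }
 
-static bool nested_svm_check_tlb_ctl(struct kvm_vcpu *vcpu, u8 tlb_ctl)
-{
-/* Nested FLUSHBYASID is not supported yet. */
-switch(tlb_ctl) {
-case TLB_CONTROL_DO_NOTHING:
-case TLB_CONTROL_FLUSH_ALL_ASID:
-return true;
-default:
-return false;
-}
-}
-
 static bool __nested_vmcb_check_controls(struct kvm_vcpu *vcpu,
 struct vmcb_ctrl_area_cached *control)
 {
@@ -282,9 +270,6 @@
 return false;
 if (CC(!nested_svm_check_bitmap_pa(vcpu, control->iopm_base_pa,
 IOPM_SIZE)))
-return false;
-
-if (CC(!nested_svm_check_tlb_ctl(vcpu, control->tlb_ctl)))
 return false;
 
 if (CC((control->int_ctl & V_NMI_ENABLE_MASK) &&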
+5 -2
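--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -2191,10 +2191,13 @@
 /*
 * SEV must obviously be supported in hardware. Sanity check that the
 * CPU supports decode assists, which is mandatory for SEV guests to
-* support instruction emulation.
+* support instruction emulation. Ditto for flushing by ASID, as SEV
+* guests are bound to a single ASID, i.e. KVM can't rotate to a new
+* ASID to effect a TLB flush.
 */
 if (!boot_cpu_has(X86_FEATURE_SEV) ||
-WARN_ON_ONCE(!boot_cpu_has(X86_FEATURE_DECODEASSISTS)))
+WARN_ON_ONCE(!boot_cpu_has(X86_FEATURE_DECODEASSISTS)) ||
+WARN_ON_ONCE(!boot_cpu_has(X86_FEATURE_FLUSHBYASID)))
 goto out;
 
 /* Retrieve SEV CPUID information */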
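Review bot: The added `WARN_ON_ONCE(!boot_cpu_has(X86_FEATURE_FLUSHBYASID))` treats a CPUID-reported capability as a kernel invariant, so on a host running with panic_on_warn, a platform that reports SEV without flush-by-ASID (for example under an outer hypervisor) would panic during SEV setup instead of simply leaving SEV disabled. It also gives the administrator only a generic WARN splat, with no statement that SEV was turned off or why. Consider testing the feature bit without WARN and logging the reason before `goto out`, e.g. `pr_warn("SEV disabled: CPU lacks flush-by-ASID\n");`. The same applies to the pre-existing DECODEASSISTS check on the line above, and the enclosing function starts and ends outside the hunk.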
+16 -2
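--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -3563,8 +3563,15 @@
 if (svm->nmi_l1_to_l2)
 return;
 
-svm->nmi_masked = true;
-svm_set_iret_intercept(svm);
+/*
+* No need to manually track NMI masking when vNMI is enabled, hardware
+* automatically sets V_NMI_BLOCKING_MASK as appropriate, including the
+* case where software directly injects an NMI.
+*/
+if (!is_vnmi_enabled(svm)) {
+svm->nmi_masked = true;
+svm_set_iret_intercept(svm);
+}
 ++vcpu->stat.nmi_injections;
 }
 
@@ -5078,6 +5085,13 @@
 if (nested) {
 kvm_cpu_cap_set(X86_FEATURE_SVM);
 kvm_cpu_cap_set(X86_FEATURE_VMCBCLEAN);
+
+/*
+* KVM currently flushes TLBs on *every* nested SVM transition,
+* and so for all intents and purposes KVM supports flushing by
+* ASID, i.e. KVM is guaranteed to honor every L1 ASID flush.
+*/
+kvm_cpu_cap_set(X86_FEATURE_FLUSHBYASID);
 
 if (nrips)
 kvm_cpu_cap_set(X86_FEATURE_NRIPS);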
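Review bot: Advertising `X86_FEATURE_FLUSHBYASID` in the `if (nested)` block is only correct while KVM really flushes on every nested transition, and nothing in this hunk ties the capability to that behaviour beyond the word "currently" in the comment. If the unconditional flush is later optimised away, L1's flush-by-ASID requests would be silently dropped and L2 could run on stale translations, which is an isolation problem rather than a performance one; the tlb_ctl consistency check removed from nested.c in this merge rests on the same invariant. I would extend the comment to name the code that provides the guarantee (presumably the transition flush in nested.c), e.g. `* See nested_svm_transition_tlb_flush(); revisit if that flush ever becomes conditional.`, and put a matching note next to the flush itself. The enclosing function starts and ends outside the hunk.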